Chris Hughes

Resilient Cyber

Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.

Author

Chris Hughes

Category

Technology

Podcast website

www.buzzsprout.com

Latest episode

Jul 5, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Why Finding Vulnerabilities Was Never the Hard Part 05.07.2026

Every headline wants you to believe AI has rewritten the rules of cybersecurity.  Eric Doerr , the Chief Product Officer at Tenable a Resilient Cyber Partner, is not so sure.  After running security response at Microsoft and leading security products at Google Cloud, he came on to separate the genuine transformation from the noise, and his read is refreshingly grounded.  The tools changed, but the...

Rain Versus Flood, Making Sense of the 2026 CVE Surge 27.06.2026

CVEs are on pace to hit nearly 70,000 in 2026, but Jerry Gamblin explains why the actual exploitable risk is staying surprisingly flat. Description Jerry Gamblin runs RogoLabs and built CVE.ICU, and he co-authored the FIRST mid-year vulnerability forecast that just put 2026 on pace for nearly 70,000 CVEs. He joins Resilient Cyber to separate the scary headline number from what actually matters for...

You Don't Need A Frontier Model to Find Zero Days 18.06.2026

Niels Provos on why you don't need a frontier model to find zero days, why the Vulnpocalypse is overstated, and how security invariants change the game. Description Niels Provos has spent twenty-five years in security, from writing bcrypt to running security at Google and Stripe, and he came on to push back on the panic around AI and vulnerabilities. He explains why finding zero days is an or...

AI Industrialized the Vuln Lifecycle and Broke the System of Record 15.06.2026

VulnCheck's Patrick Garrity on the NVD collapse, the first real AI disclosure wave, and why remediation, not finding bugs, is the bottleneck. Description Vulnerability management spent years as the chore everyone dreaded, and now it is one of the hottest topics in security because attackers made exploitation the number one way in. Patrick Garrity of VulnCheck rejoins the show to separate what...

AI Is Winning the Cyber Arms Race 03.06.2026

For twenty years the security playbook started in the same place, find a vulnerability, prioritize it, and patch it. Doug Merritt, CEO of Aviatrix and former CEO of Splunk, thinks that playbook is quietly breaking, and his explanation has nothing to do with anyone being careless. The economics of offense changed underneath us, and most security programs are still funded as if they did not. Why thi...

Securing the Agentic SDLC 29.05.2026

In this episode of Resilient Cyber, I sit down with Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, to unpack what application security looks like as AI moves from copilot to autonomous teammate across the software development lifecycle. We dive into: 🤖 AI's accelerating impact on AppSec and the SDLC – and the productivity-versus-risk equation now that...

The Agentic GRC Revolution 19.05.2026

In this episode, we sat down with Richa Gual, CEO of Complyance , the AI-first enterprise GRC platform that recently raised a $20M Series A led by GV (Google Ventures), to dig into how legacy GRC is finally being disrupted and what role AI agents play in that transformation. We discussed why GRC has lived in the dark ages for so long, stuck in static documents, snapshot-in-time assessments, system...

Identity as Infrastructure in the Agentic Era 13.05.2026

In this episode of Resilient Cyber, I sat down with Karl McGuinness — author of Control Plane and one of the sharpest voices working on identity in the agentic era — to unpack what most of the industry is still getting wrong about IAM for AI agents. Karl's thesis is a provocation: we spent two decades optimizing authentication and authorization, and we built that stack for human-paced executi...

Why AI Security Feels So Fragile 01.05.2026

AI security feels fragile right now — and in this episode, Ron Bennatan, VP of Strategy, AI and Database Security at Varonis and founder of Guardium, JSonar, and AllTrue.ai, explains exactly why. Ron unpacks what "fragile" actually means in the context of AI: it's a black box that requires careful handling, is sensitive to pressure, and is being outpaced by change that isn't li...

You Can't Trust What You Can't Verify — The Case for AI Model Identity 28.04.2026

Most organizations deploying AI today cannot answer a deceptively simple question. Which model is actually running in their environment? It is not a hypothetical concern. Model substitution, supply chain compromise, adversarial fine-tuning, and jurisdictional compliance gaps are all live risk vectors — and the industry has largely been relying on contractual guarantees from AI vendors rather than...

Securing the Vibe: Tanya Janca on AI-Generated Code, Mythos, and the New AppSec Reality 27.04.2026

A new episode of the Resilient Cyber Show just dropped, and this one is a conversation I’ve been looking forward to for a long time. I sat down with Tanya Janca , better known to most of the AppSec world as SheHacksPurple . Tanya is the best-selling author of Alice and Bob Learn Application Security and Alice and Bob Learn Secure Coding , an OWASP Lifetime Distinguished Member, CEO of She Hacks Pu...

AI and the Future of Secure Coding 16.04.2026

What happens to application security when AI agents start writing most of the code? Jack Cable knows both sides of this problem better than almost anyone. As a Senior Technical Advisor at CISA, he helped architect the Secure by Design initiative that challenged the entire software industry to stop shipping insecure products and expecting customers to clean up the mess. Now, as the founder of Corri...

Your AI Agent Is Running As Root 08.04.2026

When you fire up Claude Code, Cursor, or any AI coding agent, it launches with your full system permissions, your SSH keys, cloud credentials, browser passwords, every file on your machine. Most developers never think twice about it. Luke Hinds did. And then he built something about it. Luke is the creator of Sigstore, the cryptographic signing infrastructure now used by PyPI, Homebrew, GitHub, an...

The 350 Million Problem: Securing the Businesses No One Else Will 17.03.2026

Show Description Joe Levy is the CEO of Sophos and a 30-year cybersecurity veteran who has held technical and executive roles across some of the industry's most recognizable brands. In this episode, we dig into a stat that should reframe how the entire industry thinks about its mission: out of roughly 359 million businesses worldwide, fewer than 32,000 have a CISO. That's less than one i...

Before the Breach: The Zero Day Clock and the Race Against Exploitation 11.03.2026

Show Description The Zero Day Clock is ticking — and the numbers should make every security leader uncomfortable. In this episode, I sit down with Sergej Epp, CISO at a leading security firm, who built the Zero Day Clock after a weekend experiment using AI to discover vulnerabilities firsthand. What he found shocked him: with no professional vulnerability research background and just a few hours o...

Securing the Future with Autonomous Defense 23.02.2026

Summary: In this conversation, Chris Hughes and Stanislav Fort discuss the transformative role of AI in cybersecurity, particularly in vulnerability management. Stanislav shares insights on how AI can discover zero-day vulnerabilities in widely used codebases, the challenges of balancing AI-driven discoveries with quality assurance, and the importance of proactive security measures. They also expl...

Selling Cyber: Deal Flow and Market Signals with Momentum Cyber 18.02.2026

In this episode of Resilient Cyber I catch up with Momentum Cyber 's Founder & CEO, Eric McAlpine . We will be unpacking 2025's M&A and capital market activities, using Momentum Cyber's 2025 Cybersecurity Almanac Report, as well as discussing some of the overlooked and untold details under the hood of cyber M&A, building world class teams and more.

Exploiting AI IDEs 17.02.2026

In this episode of Resilient Cyber , we will be sat down with Ari Marzuk , the researcher who published " IDEsaster ", A Novel Vulnerability Class in AI IDE's. We will be discussing the rise of AI-driven development and modern AI coding assistants, tools and agents, and how Ari discovered 30+ vulnerabilities impacting some of the most widely used AI coding tools and the broader risk...

AI is Ready for Production - Security, Risk and Compliance Isn't 10.02.2026

In this episode of Resilient Cyber, I sit down with VP, Product Marketing and Strategy for Protegrity, James Rice.  We will be discussing how traditional approaches to security aren't solving the AI security challenge, the importance of data-centric approaches for secure AI implementation and addressing issues such as AI data leakage. James and I dove into a lot of great topics, including: Wh...

Hacking the OpenClaw Hype 07.02.2026

In this episode of Resilient Cyber , I sit down with Jamieson O'Reilly , Security Researcher and Founder @ Dvuln . Jamieson recently went viral for his hacking activities demonstrating the vulnerabilities and exploitation of OpenClaw (previously ClawdBot and Moltbot), from exposed servers, backdooring skills and demonstrating how to perform potential account takeovers.  Jamieson is now helpin...

Switching to Cyber - Navigating Cybersecurity Careers 06.02.2026

In this episode of Resilient Cyber , I sit down with longtime Cyber practitioners and leaders Helen Patton and Josiah Dykstra to dive into their latest book, "Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career". The book aims to help mid-career professionals pivot into the cyber career field and navigate finding their cyber niche, bridging skill gaps and conquer...

Resilient Cyber w/ Anshuman Bhartiya - AI-native AppSec 22.01.2026

In this episode of Resilient Cyber I sit down with Anshuman Bhartiya to discuss AI-native AppSec. Anshuman is a Staff Security Engineer at Lyft, Host of the The Boring AppSec Community podcast, and author of the AI Security Engineer newsletter on LinkedIn.  Anshuman has quickly become an AppSec leader I highly respect and find myself learning from his content and perspectives on AppSec and Securit...

Resilient Cyber w/ Jerry Gamblin - CVE Retrospective & Looking Forward 09.01.2026

In this episode of Resilient Cyber I'm joined by one of my favorite Vulnerability Researchers, Jerry Gamblin . Jerry recently published a comprehensive 2025 CVE retrospective, which we will dive into, as well as his thoughts around trends and patterns we may see emerge in the vulnerability management landscape moving into 2026 and beyond.

2025 Cybersecurity Macroeconomic Retrospective 18.12.2025

In this episode of Resilient Cyber , I sit down with my friend and the Founder of Return on Security (RoS), 💰 Mike Privette . Mike is the among the best our community has to offer when it comes to analyzing the macroeconomic trends of the cybersecurity ecosystem, from M&A, fundraising, startups, innovation, and venture capital. We will dig into the macroeconomics of cyber this past year, key...

Resilient Cyber w/ Patrick Garrity - 2025 VulnMgt Research Roundup 12.12.2025

In this episode I sit down with my friend and Vulnerability Researcher Patrick Garrity 👾🛹💙 of VulnCheck to do a roundup of the latest trends, analysis and insights into the vulnerability and exploitation ecosystem throughout the past year. We covered a lot of great topics, including: - The most notable vulnerability trends over 2025, including what has changed, or stayed the same in the past ye...

Listen to the Resilient Cyber podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.